Gabi Dobocan, writing at auditing agency Sandworm: More than half of all new packages that are currently (29 Mar 2023) being submitted to npm are search engine marketing spam. That is, empty packages with only a single README file that contains links to various malicious websites. Out of the ~320k new npm packages or variations that Sandworm has scanned over the previous week, at least ~185k were labeled as search engine marketing spam. Just in the last hour as of writing this article, 1583 new e-book spam packages have been published. All of the identified spam packages are currently live on npmjs.com.